Cloud Native 10 min read

Unveiling Kubernetes: Architecture, Core Components, and Source Code Deep Dive

This article provides a comprehensive overview of Kubernetes, detailing its fundamental concepts, master‑worker architecture, networking model, security mechanisms, extensibility via custom resources, and an in‑depth examination of key source‑code modules such as kube‑apiserver, etcd, controller‑manager, scheduler, kubelet, and kube‑proxy, with links to the official repository.

Full-Stack DevOps & Kubernetes

Overview

Kubernetes (K8s) is an open‑source container orchestration platform written in Go. It coordinates a set of Nodes that run Pods, provides stable Service networking, enforces security policies, and can be extended with custom resources.

Core Concepts

Pod : the smallest schedulable unit; may contain one or more containers.

Node : a physical or virtual machine that hosts Pods.

Cluster : a collection of Nodes that operate as a single logical unit.

Service : an abstraction that gives Pods a stable IP address and DNS name and load‑balances traffic.

Control‑Plane Components (Master)

etcd : a distributed key‑value store that persists cluster configuration and state using the Raft consensus algorithm.

kube-apiserver : the central API server; validates and processes all API requests and can be horizontally scaled.

kube-controller-manager : runs built‑in controllers (e.g., ReplicationController, NamespaceController) that watch etcd and reconcile the desired state.

kube-scheduler : assigns Pods to Nodes based on resource requirements, node health, and scheduling policies.

Worker‑Node Components

kubelet : an agent that registers the Node with the API server, pulls Pod specifications, creates containers via the container runtime, and monitors health.

kube-proxy : configures iptables or IPVS rules on each Node to implement Service load‑balancing and Pod‑to‑Pod communication.

Container Runtime : software that actually runs containers (Docker, containerd, CRI‑O). Interaction is defined by the Container Runtime Interface (CRI).

Networking Model

Kubernetes uses a flat network model: each Pod receives a unique IP address, enabling direct Pod‑to‑Pod communication without NAT. kube-proxy on every Node maintains iptables/IPVS rules to expose Services as virtual IPs and perform load‑balancing.

Security and Authentication

Authorization is enforced with Role‑Based Access Control (RBAC).

All API traffic is encrypted with TLS.

Pod Security Policies (or the newer Pod Security Standards) restrict privileged operations.

Mutual X.509 certificates authenticate the API server, kubelet, and other components.

Extensibility

Custom Resource Definitions (CRDs) allow users to introduce new API objects. Custom controllers watch these resources and implement bespoke behavior, extending the platform without modifying core code.
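The reconcile loop shared by the built-in controllers of kube-controller-manager and by the custom controllers just described, as an added example rather than code from the Kubernetes repository: a ReplicationController-style controller modelled with the Go standard library only, with constructed pod names and a constructed observed state.

```go
package main
import (
	"fmt"
	"sort"
)

// ReplicaSpec is the desired state read from the API server (persisted in etcd).
type ReplicaSpec struct {
	Name     string
	Replicas int
}
// Pod is the observed state: a running pod and the controller that owns it.
type Pod struct{ Name, Owner string }
// Action is a request the controller would send back to the API server.
type Action struct{ Verb, Pod string } // Verb is "create" or "delete"

// Reconcile is level-triggered: it compares desired with observed state and returns
// only the actions needed to converge, so on a converged cluster it returns nothing.
func Reconcile(spec ReplicaSpec, observed []Pod) []Action {
	var owned []string
	used := map[string]bool{}
	for _, p := range observed {
		if p.Owner == spec.Name { // pods owned by other controllers are ignored
			owned = append(owned, p.Name)
			used[p.Name] = true
		}
	}
	sort.Strings(owned)
	var actions []Action
	// Scale down: delete surplus pods, highest name first, so survivors keep stable names.
	for i := len(owned) - 1; i >= spec.Replicas; i-- {
		actions = append(actions, Action{"delete", owned[i]})
	}
	// Scale up: fill the lowest free index, so a dead web-1 is replaced, not duplicated.
	for n := len(owned); n < spec.Replicas; n++ {
		for i := 0; ; i++ {
			if name := fmt.Sprintf("%s-%d", spec.Name, i); !used[name] {
				used[name] = true
				actions = append(actions, Action{"create", name})
				break
			}
		}
	}
	return actions
}

func main() { // constructed sample: web-1 has died; db-0 belongs to another controller
	spec := ReplicaSpec{Name: "web", Replicas: 3}
	fmt.Println(Reconcile(spec, []Pod{{"web-0", "web"}, {"web-2", "web"}, {"db-0", "db"}}))
}
```

Running Reconcile a second time on the state that results from applying its own actions yields an empty action list, which is the idempotency property that lets a real controller be restarted or re-triggered safely.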

Source‑Code Layout

Official repository: https://github.com/kubernetes/kubernetes

The repository is organized into several top‑level directories:

cmd : entry points for each binary (e.g., kube-apiserver, kube-controller-manager, kube-scheduler, kubelet, kube-proxy).

pkg : core libraries, data structures, and utilities used throughout the system.

staging : experimental or third‑party code that has not yet been promoted to a stable release.

api : definitions of built‑in API resources such as Pods, Services, and CRDs.

Key Component Source Paths

kube‑apiserver : cmd/kube-apiserver (initialization) and pkg/apiserver (core logic).

etcd integration : pkg/storage (storage interfaces) and pkg/master/master.go (master controller interacting with etcd).

kube‑controller‑manager : cmd/kube-controller-manager and pkg/controller (common controller interfaces).

kube‑scheduler : cmd/kube-scheduler and pkg/scheduler, with algorithms in pkg/scheduler/algorithm.

kubelet : cmd/kubelet and pkg/kubelet, including pkg/kubelet/kubelet_pods.go for pod lifecycle management.

kube‑proxy : cmd/kube-proxy and pkg/proxy, with pkg/proxy/iptables.go handling iptables rule updates.

Reference Diagram

Kubernetes architecture diagram

Tags: cloud-native, architecture, Kubernetes, containers, Source code
Written by Full-Stack DevOps & Kubernetes

Focused on sharing DevOps, Kubernetes, Linux, Docker, Istio, microservices, Spring Cloud, Python, Go, databases, Nginx, Tomcat, cloud computing, and related technologies.
